1. Technical Field
The present invention generally relates to network transactions and, more particularly, to facilitating user identity verification over a network.
2. Related Art
Mobile devices, such as cell phones, laptops, and tablet PCs, may be equipped with biometric devices to assist with user identity verification. These biometric devices may include fingerprint readers, voice analyzers, retina scanners, palm readers, and facial recognition devices. One purpose of adding biometric devices to mobile devices is to create higher confidence in verifying user identity when accessing the mobile device.
Typically, a username and password are assigned to a user of a mobile device as something that the user Knows. However, the assigned username and password may be easily compromised by a malicious intruder. In contrast, a biometric signature is something that the user Has and is more difficult to forge and present as proof of identity on behalf of a true owner of a mobile device. In many cases, what the user Has is superior and a stronger form of authentication information than what the user Knows.
In use of biometric information for user authentication to a device, the intent of the user is to obtain access to an operating system running on that device. For instance, referring to a cell phone device, the mobile biometric authentication may unlock the device so that the user is able to make a phone call. However, the end-user application running on that device may still require its own form of user authentication by asking the user to provide a username and password as proof of identity before accessing any applications. Many applications on mobile devices are in this category simply because their backend application is not able to accept biometric input, and instead, they utilize a traditional username and password sign-on process. In this instance, the authentication to the backend application accessed by the mobile device is a much weaker form of username and password authentication.
In some conventional mobile devices, for a user to access a device, what the user Has (e.g., fingerprint) has become the replacement for what the user Knows (e.g., password). To some extent, even though user experience for authentication to a device has been streamlined through the use of biometric authentication, the user merely provides a biometric signature (e.g., fingerprint scan), and if that passes, the user is authenticated, and access to the device is granted. Once access to the device is granted, the user still has to provide and authenticate a username and password to obtain access to applications on that device. These applications still depend on something the user Knows and may not benefit from what the user Has.
Accordingly, there exists a need to improve security for devices and network access when authenticating user identity by coupling what the user Has with what the user Knows in a more efficient and secure manner. In some instances, this may increase the confidence of authenticating user identity and inhibit illicit access to personal data and information.